tawkto

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly uses the Membrane CLI to access Tawk.to data (e.g., Chat -> Visitor messages and Knowledge Base Articles) and the documented workflow instructs using membrane action list/run to fetch and act on that data, meaning untrusted user-generated third‑party content will be read and can materially influence agent actions.